Solved Audio ads virus?

[KentLim]

Hello there, I need some help regarding the recent frequent auto-play ad-sounds which pops out from my laptop. I have google it and it seems that it is some sort of virus/malware, which I have no clue to resolve it. Scanned my system with the Kaspersky Internet Security but still nothing was detected.

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[KentLim]

Hi Broni, thanks for helping me. the following is the FRST.text log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-10-2015
Ran by Kent (administrator) on X42J (29-10-2015 22:42:06)
Running from C:\Users\Kent\Desktop\New folder
Loaded Profiles: Kent (Available Profiles: Kent)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\PopApp\msvidctlmcx2filterMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(Google Inc.) C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe [4244888 2011-12-15] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-05] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-06] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-12] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2687488 2015-09-09] (Sony Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\...\MountPoints2: {ea29a7ee-053b-11e2-bc26-806e6f6e6963} - "F:\WD Drive Unlock.exe" autoplay=true
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-10-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-10-14]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3789560024-2566756074-542660013-1000] => http=127.0.0.1:12498
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9A38F67C-A624-41B2-A91E-B8B4309ABA0E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B64A4D99-6E2C-42DF-9096-CA8B0E25C7BE}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = hxxp://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=base&u=e2e5403e218949ba6fc9ff27b3b301537c145f85&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=14015055_adr&ch=33
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-10-22] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: MyStart Toolbar -> {ccb24e92-62c4-4c53-95d2-65f9eed476bc} -> C:\Program Files (x86)\mystarttb\mystartDx64.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-22] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll => No File
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
Toolbar: HKLM - MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx64.dll No File
Handler-x32: asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: ezstor - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Windows\SysWow64\WowCtl2.dll [2006-10-13] (EzTools Software)
Handler-x32: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)

FireFox:
========
FF ProfilePath: C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kent\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystarttb.xml [2015-10-11]
FF Extension: Video AdBlock for Firefox - C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2015-10-11] [not signed]
FF Extension: rootwdmaudBckp - C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default\Extensions\rootwdmaudBckp.xpi [2015-04-08] [not signed]
FF Extension: Pirrit Suggestor - C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default\Extensions\suggestor@pirrit.com.xpi [2013-10-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2015-02-18] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.eseeky.com/ws/?source=728386ab&tbp=homepage&toolbarid=base&u=e2e5403e218949ba6fc9ff27b3b301537c145f85
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://mystart.com/default-search/rsc001__moss__org103__103_55f1ea83a6fde195087b23c7__2_4_5__moc__nt__yr/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Users\Kent\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll => No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Users\Kent\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll => No File
CHR Plugin: (Google Update) - C:\Users\Kent\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Kent\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Profile: C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-10-11]
CHR Extension: (Video AdBlock for Chrome) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2015-10-11]
CHR Extension: (YouTube) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-04-02]
CHR Extension: (Safe Money) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-04-02]
CHR Extension: (Content Blocker) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-04-02]
CHR Extension: (Virtual Keyboard) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Anti-Banner) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-04-02]
CHR HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [iphahelpmejkbidhiecfeicblienleon] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2013-01-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-11] (Avira Operations GmbH & Co. KG)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-12] (Kaspersky Lab ZAO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-13] (Dropbox, Inc.)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2011-04-24] (Macrovision Europe Ltd.) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-03-31] () [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 pappService; C:\Program Files (x86)\PopApp\msvidctlmcx2filterMonitor.exe [187904 2015-09-21] () [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [496128 2015-09-09] (Sony Corporation)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [319384 2011-12-15] (WDC)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)
R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1977224 2011-12-15] (Western Digital )
R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338264 2011-12-15] (Western Digital )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 1838e5927a77d55.exe; C:\Users\Kent\AppData\Local\17ec750aaca5d6421b8bef3070b772f0\1838e5927a77d55.exe [X]
S2 ad10292fd537312.exe; C:\Users\Kent\AppData\Local\f1c240225864e161d177c8a7efd7ff64\ad10292fd537312.exe [X]
S2 biosmemdiagx86.exe; C:\Users\Kent\AppData\Local\biosmemdiagx86\biosmemdiagx86.exe [X]
S2 CGIEncondingSymbolic.exe; C:\Users\Kent\AppData\Local\79c7378346a814de522f519cb93cc990\CGIEncondingSymbolic.exe [X]
S2 DatabaseMemoryPython.exe; C:\Users\Kent\AppData\Local\DatabaseMemoryPython\DatabaseMemoryPython.exe [X]
S2 KernelNativeRuntime.exe; C:\Users\Kent\AppData\Local\KernelNativeRuntime\KernelNativeRuntime.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-11] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-11] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [117760 2009-10-15] (ELAN Microelectronic Corp.) [File not signed]
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO) [File not signed]
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-12] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-21] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2011-04-08] (Realtek Semiconductor Corporation )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-28] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-07] ()
S3 JME; system32\DRIVERS\JME.sys [X]
S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [X]
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-29 22:41 - 2015-10-29 22:42 - 00000000 ____D C:\FRST
2015-10-28 21:24 - 2015-10-28 22:11 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-28 21:24 - 2015-10-28 21:55 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-26 23:35 - 2015-10-26 23:35 - 00114688 _____ C:\Users\Kent\Downloads\iSolutions_Lifecycle_Cost_Tool.xls
2015-10-26 21:35 - 2015-10-27 00:13 - 00943108 _____ C:\Users\Kent\Downloads\Comparison study between VRF & central water plant using chiller system_Rev01#.xlsx
2015-10-26 21:35 - 2015-10-26 21:35 - 00105781 _____ C:\Users\Kent\Downloads\VRV Vs Central Chiller Plant_rev 3_traiff_solar.xlsx
2015-10-26 21:35 - 2015-10-26 21:35 - 00013838 _____ C:\Users\Kent\Downloads\VRV vs CHP_r2 (Revised 24 Oct)_tariff_solar.xlsx
2015-10-24 11:38 - 2015-10-25 17:32 - 01064168 _____ C:\Users\Kent\Downloads\Comparison study between VRF & central water plant using chiller system_Rev01.xlsx
2015-10-24 11:38 - 2015-10-24 11:38 - 00472513 _____ C:\Users\Kent\Downloads\Comparison study between VRF & central water plant using chiller system_Rev00.xlsx
2015-10-24 11:38 - 2015-10-24 11:38 - 00242826 _____ C:\Users\Kent\Downloads\ER481 Conceptual ECS markup.xlsx
2015-10-24 11:38 - 2015-10-24 11:38 - 00033792 _____ C:\Users\Kent\Downloads\Cooling Tower Make-up Water Tank Calculation (typical).xls
2015-10-24 11:36 - 2015-10-24 11:37 - 00000000 ____D C:\Users\Kent\Downloads\New folder
2015-10-15 22:13 - 2015-10-15 22:13 - 00000000 ____D C:\Users\Kent\AppData\Roaming\MPC-HC
2015-10-13 20:33 - 2015-10-29 22:42 - 00000000 ____D C:\Users\Kent\Desktop\New folder
2015-10-13 20:28 - 2015-10-13 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-13 20:25 - 2015-10-29 22:31 - 00000552 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-13 20:25 - 2015-10-29 22:21 - 00000548 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-13 20:25 - 2015-10-13 20:28 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-13 20:25 - 2015-10-13 20:25 - 00003548 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-10-13 20:25 - 2015-10-13 20:25 - 00003296 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-10-11 18:38 - 2015-10-11 18:38 - 00000000 ____D C:\_OTL
2015-10-11 09:47 - 2015-10-11 09:47 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-11 08:29 - 2015-10-11 08:29 - 00001307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-10-11 08:29 - 2015-10-11 08:29 - 00000000 ____D C:\Windows\en
2015-10-11 08:28 - 2015-10-11 08:28 - 00001376 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-10-11 08:27 - 2015-10-11 08:27 - 00002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-10-11 08:19 - 2015-10-20 19:16 - 00003782 _____ C:\Windows\System32\Tasks\klcp_update
2015-10-11 08:16 - 2015-10-20 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-10-11 08:16 - 2015-10-17 02:00 - 00126976 _____ C:\Windows\system32\ff_vfw.dll
2015-10-11 08:15 - 2015-10-17 02:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2015-10-11 08:15 - 2015-06-22 21:25 - 00254976 _____ C:\Windows\system32\xvidvfw.dll
2015-10-11 08:15 - 2015-06-22 21:25 - 00240128 _____ C:\Windows\SysWOW64\xvidvfw.dll
2015-10-11 08:15 - 2015-06-22 21:24 - 00729088 _____ C:\Windows\system32\xvidcore.dll
2015-10-11 08:15 - 2015-06-22 21:24 - 00655872 _____ C:\Windows\SysWOW64\xvidcore.dll
2015-10-11 08:15 - 2015-02-28 23:22 - 03571200 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2015-10-11 08:15 - 2015-02-28 23:21 - 03591680 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2015-10-11 08:15 - 2012-07-21 18:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2015-10-11 08:15 - 2012-07-21 18:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2015-10-11 08:15 - 2011-12-08 01:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2015-10-11 08:15 - 2011-12-08 01:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2015-10-11 08:11 - 2015-10-22 19:29 - 00000000 ____D C:\Users\Kent\.oracle_jre_usage
2015-10-11 08:11 - 2015-10-11 08:11 - 00000000 ____D C:\Users\Kent\AppData\Roaming\Sun
2015-10-11 08:09 - 2015-10-22 19:27 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-11 08:08 - 2015-10-22 20:01 - 00000000 ____D C:\Program Files\Java
2015-10-11 08:07 - 2015-10-11 08:07 - 00000000 ____D C:\Users\Kent\AppData\LocalLow\Oracle
2015-10-11 07:51 - 2015-10-11 07:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-11 07:49 - 2015-10-14 20:23 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-11 07:46 - 2015-10-20 19:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-11 07:46 - 2015-10-11 07:46 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-11 07:28 - 2015-10-11 07:32 - 00000000 ____D C:\AdwCleaner
2015-10-11 07:25 - 2015-10-11 07:25 - 00000000 ____D C:\Users\Kent\AppData\Local\Secunia PSI
2015-10-11 07:25 - 2015-10-11 07:25 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-10-11 07:17 - 2015-10-11 07:17 - 00002050 _____ C:\Users\Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2015-10-11 07:17 - 2015-10-11 07:17 - 00002020 _____ C:\Users\Kent\Desktop\FileHippo App Manager.lnk
2015-10-11 07:17 - 2015-10-11 07:17 - 00000000 ____D C:\Program Files (x86)\FileHippo.com

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-29 22:40 - 2013-04-02 17:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-10-29 22:34 - 2010-10-14 04:41 - 01496155 _____ C:\Windows\WindowsUpdate.log
2015-10-29 22:30 - 2009-07-14 12:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-29 22:30 - 2009-07-14 12:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-29 22:25 - 2010-10-14 04:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-29 22:25 - 2010-10-14 04:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-29 22:23 - 2011-08-22 23:26 - 00000000 ___RD C:\Users\Kent\Dropbox
2015-10-29 22:23 - 2011-08-22 23:23 - 00000000 ____D C:\Users\Kent\AppData\Roaming\Dropbox
2015-10-29 22:23 - 2010-10-14 05:20 - 00000000 ____D C:\Program Files\P4G
2015-10-29 22:22 - 2011-02-26 16:55 - 00000000 ____D C:\Users\Kent\Tracing
2015-10-29 22:20 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-29 22:20 - 2009-07-14 12:51 - 00191056 _____ C:\Windows\setupact.log
2015-10-28 21:03 - 2011-02-26 15:54 - 00000000 ____D C:\Users\Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-28 21:03 - 2011-02-26 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-28 21:03 - 2011-02-26 15:53 - 00000000 ____D C:\Program Files\WinRAR
2015-10-28 20:46 - 2009-07-14 13:13 - 00788704 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-26 21:31 - 2014-11-16 14:54 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-22 20:01 - 2013-12-24 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-20 19:15 - 2011-02-26 19:47 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-10-14 20:07 - 2010-10-14 05:22 - 00002445 _____ C:\Windows\system32\ServiceFilter.ini
2015-10-13 20:29 - 2015-06-18 07:11 - 00000000 ____D C:\Users\Kent\AppData\Local\Dropbox
2015-10-11 08:23 - 2011-02-26 15:26 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-10-11 08:20 - 2011-08-09 11:20 - 00000000 ____D C:\Users\Kent\AppData\Roaming\Mozilla
2015-10-11 08:20 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-11 08:14 - 2011-04-09 09:11 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-11 08:13 - 2011-02-26 15:28 - 00088526 _____ C:\Windows\DirectX.log
2015-10-11 08:11 - 2011-02-26 15:25 - 00000000 ____D C:\Users\Kent
2015-10-11 08:08 - 2013-12-24 22:48 - 00000000 ____D C:\ProgramData\Oracle
2015-10-11 07:51 - 2011-08-09 11:18 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-11 07:51 - 2011-08-09 11:18 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-11 07:50 - 2011-08-09 11:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-11 07:49 - 2011-02-27 12:18 - 00000000 ____D C:\Users\Kent\AppData\Local\Adobe
2015-10-11 07:46 - 2010-10-14 04:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-11 07:38 - 2010-10-14 05:22 - 00002216 _____ C:\Windows\system32\AutoRunFilter.ini
2015-10-11 07:37 - 2015-09-22 13:07 - 00000000 ____D C:\Users\Kent\AppData\Local\minimalwinsockDrv
2015-10-11 03:31 - 2014-11-18 22:16 - 00000000 ____D C:\Users\Kent\AppData\Local\CommandDirect3dKeyboard
2015-10-11 03:31 - 2013-10-31 00:43 - 00000000 ____D C:\Program Files (x86)\Rapider
2015-10-11 01:43 - 2010-10-14 05:04 - 00394214 _____ C:\Windows\PFRO.log
2015-10-10 23:32 - 2012-08-25 13:45 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-10-10 23:20 - 2010-10-14 04:57 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-10-10 23:19 - 2010-10-14 05:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-10-10 23:14 - 2010-10-14 04:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-10 23:14 - 2010-10-14 04:53 - 00000000 ____D C:\ProgramData\CyberLink
2015-10-10 23:14 - 2010-10-14 04:53 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-09-29 08:44 - 2011-02-26 16:57 - 00000000 ____D C:\Users\Kent\AppData\Local\Google

==================== Files in the root of some directories =======

2013-12-19 03:50 - 2015-03-24 00:05 - 0000127 _____ () C:\Users\Kent\AppData\Roaming\WB.CFG
2013-10-31 00:53 - 2013-10-31 00:53 - 0000218 _____ () C:\Users\Kent\AppData\Local\recently-used.xbel
2010-10-14 04:58 - 2010-07-07 07:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2013-02-24 13:14 - 2013-02-24 13:14 - 0000000 _____ () C:\ProgramData\rebootpending.txt
2010-10-14 04:54 - 2010-10-14 04:54 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-14 04:53 - 2010-10-14 04:54 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Kent\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Kent\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptx0dxs.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-07 22:05

==================== End of FRST.txt ============================

 

[KentLim]

The Addition.txt as follow:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-10-2015
Ran by Kent (2015-10-29 22:44:25)
Running from C:\Users\Kent\Desktop\New folder
Windows 7 Home Premium Service Pack 1 (X64) (2011-02-26 07:24:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3789560024-2566756074-542660013-500 - Administrator - Disabled)
Guest (S-1-5-21-3789560024-2566756074-542660013-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3789560024-2566756074-542660013-1002 - Limited - Enabled)
Kent (S-1-5-21-3789560024-2566756074-542660013-1000 - Administrator - Enabled) => C:\Users\Kent

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20071 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.38 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI AVIVO64 Codecs (Version: 10.12.0.00122 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D0528577-31BF-2ABC-D7FC-E443EBF8B40A}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 12.1.9.1236 - Avira)
Canon iP1800 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series) (Version: - )
ccc-core-static (x32 Version: 2010.0122.858.16002 - ATI) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
ffdshow [rev 3154] [2009-12-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation)
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version: - )
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
K-Lite Mega Codec Pack 11.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.5.5 - )
MagicCute Data Recovery 2011.1 (HKLM-x32\...\{961FBA1C-C20F-463F-B9B1-30A2D96CC5E3}_is1) (Version: - MagicCute)
MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyStart Toolbar (HKLM-x32\...\mystarttb) (Version: 5.5.0.2 - Visicom Media Inc.)
PC Connectivity Solution (HKLM-x32\...\{089DD780-DB3F-4CDB-A0C2-111360247298}) (Version: 10.24.0.0 - Nokia)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.0.01.09090 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.0.01 - Sony Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.5900 - SRS Labs, Inc.)
STREET FIGHTER IV (HKLM-x32\...\{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}) (Version: 1.00.3013 - CAPCOM U.S.A., INC.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
WD Drive Utilities (HKLM-x32\...\{3E9C9EE1-1964-4519-BF80-652E7F415ECF}) (Version: 1.0.0 - Western Digital)
WD Security (HKLM-x32\...\{3F24FF1D-A137-4812-8989-D8D5EA480CFD}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{EC39CC32-E144-42E4-9A59-53C20B408BDE}) (Version: 1.5.4 - Western Digital)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
WinRAR 5.30 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.6 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.10 - ASUS)
谷歌拼音输入法 2.6 (HKLM\...\GooglePinyin2) (Version: - Google Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Restore Points =========================

19-10-2015 07:39:22 Windows Backup
22-10-2015 21:08:26 JRT Pre-Junkware Removal
25-10-2015 15:16:32 JRT Pre-Junkware Removal
25-10-2015 17:33:38 JRT Pre-Junkware Removal
25-10-2015 21:06:00 Windows Backup

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03AFE859-EE64-4B49-A6A2-D8F72FDDD085} - System32\Tasks\{3A7C8322-DF2D-40A9-9BC2-F106078362FE} => pcalua.exe -a E:\windows版BT3破解系统\Setup.exe -d E:\windows版BT3破解系统
Task: {132EAAC6-12EC-4BC4-8D89-87359443BDA8} - System32\Tasks\{B3B45932-42EA-4F7C-9138-15103F1001DE} => pcalua.exe -a c:\PROGRA~2\baidu\{81B66~1\ASBarBroker.exe -c -runasAdmin -SVCUninstall -addressbar.dll
Task: {306DB828-C7ED-40C1-B0F2-10216F1B6D44} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-12-01] ()
Task: {4C4D5D27-648D-4420-8587-F56556E41B0A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-13] (Dropbox, Inc.)
Task: {577386FD-99FF-4656-BC18-C196F9DF8913} - System32\Tasks\Google Pinyin Daemon => C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2012-02-22] (Google Inc.)
Task: {5AB20226-D7B8-4CD3-A397-B95523793C1E} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-07-06] (ASUS)
Task: {66B51799-8CDD-472B-A131-09D976D5AFBB} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-07-25] ()
Task: {8B38C61E-BEBD-488B-88DE-38EA691170FD} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-10-17] ()
Task: {A9088DAE-5451-484F-8D36-38875CAE2FE1} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-08-01] (ASUS)
Task: {B00A4908-6D15-484D-9303-523DD86A0C03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {BC67CA69-4CAD-4053-854A-29EDA358108C} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-25] ()
Task: {CDABBECD-EA87-45A4-AF76-9514528EB433} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-24] (ATK)
Task: {E1D91AD7-FB14-4982-89BF-2808136B104F} - System32\Tasks\{1786582C-E4EC-4562-A213-ECD7B763A766} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {E47EC6A1-77E4-445A-89EC-C0D136F362E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {E81E025D-55D8-4FF7-92C3-3321F8D8598C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F70A062B-65C5-427C-A261-093F17F117D8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-13] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-22 13:07 - 2015-09-21 11:23 - 00187904 _____ () C:\Program Files (x86)\PopApp\msvidctlmcx2filterMonitor.exe
2010-11-02 07:33 - 2010-11-02 07:33 - 01083392 ____R () C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll
2010-03-16 09:48 - 2010-03-16 09:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-10-14 04:57 - 2010-10-14 04:57 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-10-14 04:57 - 2010-10-14 04:57 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2009-07-02 09:54 - 2009-07-02 09:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-10-14 05:22 - 2007-12-01 02:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-11-25 04:45 - 2009-11-25 04:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2010-01-12 01:27 - 2010-01-12 01:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-07-25 01:32 - 2009-07-25 01:32 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2008-10-01 14:02 - 2008-10-01 14:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-03-16 09:48 - 2010-03-16 09:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2015-09-02 19:00 - 2015-09-02 19:00 - 10566352 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
2012-02-22 21:38 - 2012-02-22 21:38 - 01318456 _____ () C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
2013-01-14 14:41 - 2013-01-14 14:41 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2015-10-29 22:22 - 2015-10-29 22:22 - 00071168 _____ () c:\users\kent\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptx0dxs.dll
2015-10-13 20:28 - 2015-09-24 07:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-10-13 20:28 - 2015-09-24 07:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-10-13 20:28 - 2015-09-24 07:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-10-13 20:28 - 2015-09-24 07:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-10-26 21:31 - 2015-10-20 22:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-26 21:31 - 2015-10-20 22:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kent\Desktop\2016 CNY flight.pdf:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3789560024-2566756074-542660013-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kent\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AF4F58B6-C469-473E-A731-40D6126F62CB}] => (Allow) LPort=5353
FirewallRules: [{54C05B76-818D-4523-92AF-C9E93CCEFC87}] => (Allow) LPort=8182
FirewallRules: [{168EF728-C556-4067-9442-33FB5AA87234}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{BA563F92-91EF-4713-BB58-E04E17495B89}C:\program files (x86)\bitcomet\bitcomet.exe] => (Allow) C:\program files (x86)\bitcomet\bitcomet.exe
FirewallRules: [UDP Query User{08DB9C12-FD16-4213-8C6C-29A83D4C983A}C:\program files (x86)\bitcomet\bitcomet.exe] => (Allow) C:\program files (x86)\bitcomet\bitcomet.exe
FirewallRules: [{11143E97-9E5C-4CC2-B4D8-DD0BD02E72F3}] => (Allow) C:\Program Files (x86)\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe
FirewallRules: [{6ED67E48-BA22-444E-9418-8BFD7E8F2009}] => (Allow) C:\Program Files (x86)\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe
FirewallRules: [TCP Query User{C4A33F71-7DDA-4931-AB33-0C73010CF484}C:\users\kent\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kent\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{796AFE7A-7BBE-4FE9-8B7F-583B2764B1AC}C:\users\kent\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kent\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{6AFF8C7D-C2B2-4948-A94D-5985ECE525AA}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{59F1E676-0EC9-4E2B-A21A-1D490B0A657E}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{29725256-9A05-4C05-8133-D711E9238289}C:\program files (x86)\dead space 2\deadspace2.exe] => (Block) C:\program files (x86)\dead space 2\deadspace2.exe
FirewallRules: [UDP Query User{C92CC61D-F986-4477-BE1D-9A30DD0A3812}C:\program files (x86)\dead space 2\deadspace2.exe] => (Block) C:\program files (x86)\dead space 2\deadspace2.exe
FirewallRules: [{27307E93-FC85-4550-A3DB-AE95C8D62B77}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{07DCCEE7-F21C-4B1B-B0C8-9DC47CC23F78}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{9F6FBE63-858D-46B9-8B90-80B911668369}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C2C7CA2F-347C-4FFD-A8EE-2D9440273C66}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{84C924BD-C275-4E8C-B51E-672E1ED1C3B1}] => (Allow) C:\Program Files (x86)\mystarttb\dtuser.exe
FirewallRules: [{AC50DF9F-F8BC-4F1B-8448-97B7A1AE1FA1}] => (Allow) C:\Program Files (x86)\mystarttb\dtuser.exe
FirewallRules: [{64220AD3-B801-4BAC-B478-D57484EB45C9}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{E5FD661C-CA29-416E-A0E5-D450C1CED081}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{4FABF347-B795-45E5-885F-0F7C9A119771}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{4A70F0D0-9F00-4502-915B-4B79F21D26B1}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{864ECCDB-B784-4E6F-A35C-8716574678EF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F5ED28D8-A9BC-4306-9D9E-D8AA11936A41}] => (Allow) LPort=2869
FirewallRules: [{143167C9-3D53-4552-A0E0-8386DCCEBDF5}] => (Allow) LPort=1900
FirewallRules: [{CC3144B7-E970-49F0-8BC9-5D7659DE250E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{BE59B8A7-F494-4C26-94CB-54831C00BFB9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{517DD79F-03A2-465C-963B-46A607577CD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: BT-270
Description: BT-270
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2015 09:50:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller.exe version 10.11.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1778

Start Time: 01d1118708195b14

Termination Time: 0

Application Path: C:\Users\Kent\Desktop\New folder\RogueKiller.exe

Report Id: c9ee2c0c-7d7a-11e5-9b2f-fbd9d8db22cf

Error: (10/28/2015 09:46:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller.exe version 10.11.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1728

Start Time: 01d11184014bc135

Termination Time: 0

Application Path: C:\Users\Kent\Desktop\New folder\RogueKiller.exe

Report Id: 378aa46e-7d7a-11e5-9b2f-fbd9d8db22cf

Error: (10/28/2015 09:02:16 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (10/26/2015 10:17:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000005
Fault offset: 0x000000000005105c
Faulting process id: 0x%9
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (10/25/2015 03:46:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/25/2015 03:46:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/25/2015 03:46:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/25/2015 03:46:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/24/2015 03:17:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: EXPLORERFRAME.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c6a8
Exception code: 0xc0000005
Fault offset: 0x000000000003b324
Faulting process id: 0x%9
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (10/24/2015 11:26:24 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


System errors:
=============
Error: (10/29/2015 10:27:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {682159D9-C321-47CA-B3F1-30E36B2EC8B9}

Error: (10/29/2015 10:20:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The KernelNativeRuntime.exe service failed to start due to the following error:
%%2

Error: (10/29/2015 10:20:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DatabaseMemoryPython.exe service failed to start due to the following error:
%%2

Error: (10/29/2015 10:20:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CGIEncondingSymbolic.exe service failed to start due to the following error:
%%2

Error: (10/29/2015 10:20:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The biosmemdiagx86.exe service failed to start due to the following error:
%%2

Error: (10/29/2015 10:20:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira Realtime Protection service failed to start due to the following error:
%%1053

Error: (10/29/2015 10:20:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Realtime Protection service to connect.

Error: (10/29/2015 10:20:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ad10292fd537312.exe service failed to start due to the following error:
%%2

Error: (10/29/2015 10:20:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 1838e5927a77d55.exe service failed to start due to the following error:
%%2

Error: (10/29/2015 10:20:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira Scheduler service failed to start due to the following error:
%%1053


CodeIntegrity:
===================================
Date: 2014-09-14 10:24:45.555
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-14 10:24:45.505
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-14 10:24:45.479
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-14 10:24:45.441
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-14 10:22:05.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-14 10:22:05.865
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-21 00:09:15.407
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-21 00:09:15.407
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-21 00:09:15.407
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-21 00:09:15.407
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 75%
Total physical RAM: 4021.53 MB
Available physical RAM: 997.38 MB
Total Virtual: 8041.25 MB
Available Virtual: 3923.47 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:45.81 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:21.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 

[Broni]

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
• Launch Malwarebytes Anti-Malware
• A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[KentLim]

# AdwCleaner v5.015 - Logfile created 31/10/2015 at 01:33:35
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Kent - X42J
# Running from : C:\Users\Kent\Desktop\New folder\adwcleaner_5.015.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default\mystarttb

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystarttb.xml
[-] File Deleted : C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ammfplfdkakimnibcghcebgbiiphabgc

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{607B689F-7600-45E4-B8E5-887F72DAB15C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0D4A4BC-F7CD-436E-B1FA-25637BA0F5BE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCB24E92-62C4-4C53-95D2-65F9EED476BC}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{607B689F-7600-45E4-B8E5-887F72DAB15C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0D4A4BC-F7CD-436E-B1FA-25637BA0F5BE}
[-] Key Deleted : HKLM\SOFTWARE\Email Notifier
[-] Key Deleted : HKLM\SOFTWARE\mystarttb
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystarttb

***** [ Web browsers ] *****

[-] [C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : iphahelpmejkbidhiecfeicblienleon

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2907 bytes] ##########

 

[KentLim]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015/10/31
Scan Time: 1:44
Logfile: sdas.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.30.05
Rootkit Database: v2015.10.28.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kent

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337989
Time Elapsed: 18 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 21
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\APPID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4}, Quarantined, [65b8ec7199f253e3932432d953af9868],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, Quarantined, [65b8ec7199f253e3932432d953af9868],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, Quarantined, [65b8ec7199f253e3932432d953af9868],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1DD31B76-C57E-49BA-94BC-BF53F0C82CD4}, Quarantined, [65b8ec7199f253e3932432d953af9868],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}, Quarantined, [bd6093ca1b7074c24174898238ca31cf],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\TYPELIB\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75}, Quarantined, [bd6093ca1b7074c24174898238ca31cf],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\INTERFACE\{FCB380C4-D350-44BE-8791-50216F4747AC}, Quarantined, [bd6093ca1b7074c24174898238ca31cf],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FCB380C4-D350-44BE-8791-50216F4747AC}, Quarantined, [bd6093ca1b7074c24174898238ca31cf],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FCB380C4-D350-44BE-8791-50216F4747AC}, Quarantined, [bd6093ca1b7074c24174898238ca31cf],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75}, Quarantined, [bd6093ca1b7074c24174898238ca31cf],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75}, Quarantined, [bd6093ca1b7074c24174898238ca31cf],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\ASBarBroker.BDBroker.1, Quarantined, [bd6093ca1b7074c24174898238ca31cf],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\ASBarBroker.BDBroker, Quarantined, [bd6093ca1b7074c24174898238ca31cf],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ASBarBroker.BDBroker, Quarantined, [bd6093ca1b7074c24174898238ca31cf],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ASBarBroker.BDBroker, Quarantined, [bd6093ca1b7074c24174898238ca31cf],
PUP.Optional.Funshion, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ASBarBroker.BDBroker.1, Quarantined, [bd6093ca1b7074c24174898238ca31cf],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ASBarBroker.BDBroker.1, Quarantined, [bd6093ca1b7074c24174898238ca31cf],
PUP.Optional.Funshion, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}, Quarantined, [bd6093ca1b7074c24174898238ca31cf],
PUP.Optional.VMNToolBar, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}, Quarantined, [2af3da83602bb5815c0e15136f9347b9],
Adware.BDSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46}, Quarantined, [011c65f8494245f15599000d2ad83ec2],
PUP.Optional.MyStartToolbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${IEUTILSLIGHTELEVATIONPOLICYID}, Quarantined, [7e9fd687b8d3b68081f8581b6a998779],

Registry Values: 1
PUP.Optional.MyStartToolbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${IEUTILSLIGHTELEVATIONPOLICYID}|AppPath, C:\Program Files (x86)\mystarttb, Quarantined, [7e9fd687b8d3b68081f8581b6a998779]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[KentLim]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Kent on ?? 2015/10/31 at 6:32:01.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Failed to delete: [File] C:\Users\Kent\Appdata\Local\7b48c1a996fa58ccde20ce975f594f1c
Failed to delete: [File] C:\Users\Kent\Appdata\Local\a05a8fd397077acccc90bf73345e98e1



~~~ Folders



~~~ Chrome


[C:\Users\Kent\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Kent\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Kent\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Kent\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ?? 2015/10/31 at 6:38:43.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Broni]

RogueKiller?

 

[KentLim]

RogueKiller V10.11.3.0 (x64) [Oct 26 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kent [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 10/31/2015 08:00:11

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 23 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Setwallpaper : c:\programdata\SetWallpaper.cmd [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\1838e5927a77d55.exe (C:\Users\Kent\AppData\Local\17ec750aaca5d6421b8bef3070b772f0\1838e5927a77d55.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ad10292fd537312.exe (C:\Users\Kent\AppData\Local\f1c240225864e161d177c8a7efd7ff64\ad10292fd537312.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\biosmemdiagx86.exe (C:\Users\Kent\AppData\Local\biosmemdiagx86\biosmemdiagx86.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CGIEncondingSymbolic.exe (C:\Users\Kent\AppData\Local\79c7378346a814de522f519cb93cc990\CGIEncondingSymbolic.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DatabaseMemoryPython.exe (C:\Users\Kent\AppData\Local\DatabaseMemoryPython\DatabaseMemoryPython.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\KernelNativeRuntime.exe (C:\Users\Kent\AppData\Local\KernelNativeRuntime\KernelNativeRuntime.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1838e5927a77d55.exe (C:\Users\Kent\AppData\Local\17ec750aaca5d6421b8bef3070b772f0\1838e5927a77d55.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ad10292fd537312.exe (C:\Users\Kent\AppData\Local\f1c240225864e161d177c8a7efd7ff64\ad10292fd537312.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\biosmemdiagx86.exe (C:\Users\Kent\AppData\Local\biosmemdiagx86\biosmemdiagx86.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CGIEncondingSymbolic.exe (C:\Users\Kent\AppData\Local\79c7378346a814de522f519cb93cc990\CGIEncondingSymbolic.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DatabaseMemoryPython.exe (C:\Users\Kent\AppData\Local\DatabaseMemoryPython\DatabaseMemoryPython.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KernelNativeRuntime.exe (C:\Users\Kent\AppData\Local\KernelNativeRuntime\KernelNativeRuntime.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\1838e5927a77d55.exe (C:\Users\Kent\AppData\Local\17ec750aaca5d6421b8bef3070b772f0\1838e5927a77d55.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ad10292fd537312.exe (C:\Users\Kent\AppData\Local\f1c240225864e161d177c8a7efd7ff64\ad10292fd537312.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\biosmemdiagx86.exe (C:\Users\Kent\AppData\Local\biosmemdiagx86\biosmemdiagx86.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CGIEncondingSymbolic.exe (C:\Users\Kent\AppData\Local\79c7378346a814de522f519cb93cc990\CGIEncondingSymbolic.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DatabaseMemoryPython.exe (C:\Users\Kent\AppData\Local\DatabaseMemoryPython\DatabaseMemoryPython.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KernelNativeRuntime.exe (C:\Users\Kent\AppData\Local\KernelNativeRuntime\KernelNativeRuntime.exe) -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3789560024-2566756074-542660013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:12498 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3789560024-2566756074-542660013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:12498 -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3789560024-2566756074-542660013-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus.msn.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3789560024-2566756074-542660013-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus.msn.com -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] adb0aa9ec6250927eb9163cc393d5494
[BSP] b8e681ec20f3f51e484d81d4ade624cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 20002 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 40965750 | Size: 119232 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 285153280 | Size: 337704 MB
User = LL1 ... OK
User = LL2 ... OK

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[KentLim]

Now only manage to running the Roger Killer scan fully after 4 times of trial.
It shown unresponding status for the previous few attempts, luckily it is ok now.

 

[Broni]

 

[KentLim]

ComboFix 15-10-28.01 - Kent 2015/10/31 11:14:46.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.4022.2269 [GMT 8:00]
Running from: c:\users\Kent\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Kaspersky Internet Security *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
FW: Kaspersky Internet Security *Disabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Kaspersky Internet Security *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Kent\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptagbxv.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-09-28 to 2015-10-31 )))))))))))))))))))))))))))))))
.
.
2015-10-31 03:22 . 2015-10-31 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-30 22:30 . 2015-10-30 23:34 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-10-30 17:43 . 2015-10-30 22:24 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-30 17:42 . 2015-10-30 17:43 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-10-30 17:42 . 2015-10-30 17:42 -------- d-----w- c:\programdata\Malwarebytes
2015-10-30 17:42 . 2015-10-05 01:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-30 17:42 . 2015-10-05 01:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-30 17:42 . 2015-10-05 01:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-30 16:55 . 2015-10-30 16:55 -------- d-----w- c:\program files\RogueKiller
2015-10-29 14:41 . 2015-10-29 14:45 -------- d-----w- C:\FRST
2015-10-28 13:24 . 2015-10-28 14:11 -------- d-----w- c:\programdata\RogueKiller
2015-10-22 12:10 . 2015-10-22 12:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-10-15 14:13 . 2015-10-15 14:13 -------- d-----w- c:\users\Kent\AppData\Roaming\MPC-HC
2015-10-13 12:25 . 2015-10-13 12:28 -------- d-----w- c:\program files (x86)\Dropbox
2015-10-11 10:38 . 2015-10-11 10:38 -------- d-----w- C:\_OTL
2015-10-11 01:47 . 2015-10-11 01:47 -------- d-----w- c:\program files (x86)\ESET
2015-10-11 00:29 . 2015-10-11 00:29 -------- d-----w- c:\windows\en
2015-10-11 00:20 . 2015-10-11 00:20 24288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-10-11 00:16 . 2015-10-16 18:00 126976 ----a-w- c:\windows\system32\ff_vfw.dll
2015-10-11 00:15 . 2011-12-07 17:37 148992 ----a-w- c:\windows\system32\lagarith.dll
2015-10-11 00:15 . 2011-12-07 17:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
2015-10-11 00:15 . 2015-02-28 15:22 3571200 ----a-w- c:\windows\system32\x264vfw64.dll
2015-10-11 00:15 . 2015-02-28 15:21 3591680 ----a-w- c:\windows\SysWow64\x264vfw.dll
2015-10-11 00:15 . 2015-06-22 13:24 729088 ----a-w- c:\windows\system32\xvidcore.dll
2015-10-11 00:15 . 2015-06-22 13:25 254976 ----a-w- c:\windows\system32\xvidvfw.dll
2015-10-11 00:15 . 2015-06-22 13:24 655872 ----a-w- c:\windows\SysWow64\xvidcore.dll
2015-10-11 00:15 . 2015-06-22 13:25 240128 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2015-10-11 00:15 . 2012-07-21 10:55 180736 ----a-w- c:\windows\system32\ac3acm.acm
2015-10-11 00:15 . 2012-07-21 10:54 122880 ----a-w- c:\windows\SysWow64\ac3acm.acm
2015-10-11 00:15 . 2015-10-16 18:00 112128 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2015-10-11 00:11 . 2015-10-22 11:29 -------- d-----w- c:\users\Kent\.oracle_jre_usage
2015-10-11 00:09 . 2015-10-22 11:27 110176 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-10-11 00:08 . 2015-10-11 00:08 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ee99027a1d103b804\DSETUP.dll
2015-10-11 00:08 . 2015-10-11 00:08 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ee99027a1d103b804\DXSETUP.exe
2015-10-11 00:08 . 2015-10-11 00:08 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ee99027a1d103b804\dsetup32.dll
2015-10-11 00:08 . 2015-10-11 00:08 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e94c321e1d103b802\DSETUP.dll
2015-10-11 00:08 . 2015-10-11 00:08 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e94c321e1d103b802\DXSETUP.exe
2015-10-11 00:08 . 2015-10-11 00:08 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e94c321e1d103b802\dsetup32.dll
2015-10-11 00:08 . 2015-10-22 12:01 -------- d-----w- c:\program files\Java
2015-10-11 00:08 . 2015-10-11 00:08 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e635e9431d103b801\DSETUP.dll
2015-10-11 00:08 . 2015-10-11 00:08 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e635e9431d103b801\DXSETUP.exe
2015-10-11 00:08 . 2015-10-11 00:08 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e635e9431d103b801\dsetup32.dll
2015-10-10 23:51 . 2015-10-10 23:51 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-10-10 23:51 . 2015-10-09 03:14 58024 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2015-10-10 23:51 . 2015-10-09 03:14 914456 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
2015-10-10 23:51 . 2015-10-09 03:14 190632 ----a-w- c:\program files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-10-10 23:28 . 2015-10-30 17:33 -------- d-----w- C:\AdwCleaner
2015-10-10 23:25 . 2015-10-10 23:25 -------- d-----w- c:\users\Kent\AppData\Local\Secunia PSI
2015-10-10 23:25 . 2015-10-10 23:25 -------- d-----w- c:\program files (x86)\Secunia
2015-10-10 23:17 . 2015-10-10 23:17 -------- d-----w- c:\program files (x86)\FileHippo.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-10 10:04 . 2015-08-10 10:04 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\FileHippo.AppManager.exe" [2015-09-02 10566352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-02 348664]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-12 356128]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2013-07-10 1694080]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2015-09-09 2687488]
"Dropbox"="c:\program files (x86)\Dropbox\Client\Dropbox.exe" [2015-10-12 36711472]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-06 597040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h [2010-10-14 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ GOOGLEPINYIN2.IME
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 1838e5927a77d55.exe;1838e5927a77d55.exe;c:\users\Kent\AppData\Local\17ec750aaca5d6421b8bef3070b772f0\1838e5927a77d55.exe;c:\users\Kent\AppData\Local\17ec750aaca5d6421b8bef3070b772f0\1838e5927a77d55.exe [x]
R2 ad10292fd537312.exe;ad10292fd537312.exe;c:\users\Kent\AppData\Local\f1c240225864e161d177c8a7efd7ff64\ad10292fd537312.exe;c:\users\Kent\AppData\Local\f1c240225864e161d177c8a7efd7ff64\ad10292fd537312.exe [x]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 biosmemdiagx86.exe;biosmemdiagx86.exe;c:\users\Kent\AppData\Local\biosmemdiagx86\biosmemdiagx86.exe;c:\users\Kent\AppData\Local\biosmemdiagx86\biosmemdiagx86.exe [x]
R2 CGIEncondingSymbolic.exe;CGIEncondingSymbolic.exe;c:\users\Kent\AppData\Local\79c7378346a814de522f519cb93cc990\CGIEncondingSymbolic.exe;c:\users\Kent\AppData\Local\79c7378346a814de522f519cb93cc990\CGIEncondingSymbolic.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DatabaseMemoryPython.exe;DatabaseMemoryPython.exe;c:\users\Kent\AppData\Local\DatabaseMemoryPython\DatabaseMemoryPython.exe;c:\users\Kent\AppData\Local\DatabaseMemoryPython\DatabaseMemoryPython.exe [x]
R2 dbupdate;Dropbox ???? (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R2 KernelNativeRuntime.exe;KernelNativeRuntime.exe;c:\users\Kent\AppData\Local\KernelNativeRuntime\KernelNativeRuntime.exe;c:\users\Kent\AppData\Local\KernelNativeRuntime\KernelNativeRuntime.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dbupdatem;Dropbox ???? (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RTL8192cu;TP-LINK 300Mbps Mini Wireless N USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 pappService;pappServiceN;c:\program files (x86)\PopApp\msvidctlmcx2filterMonitor.exe;c:\program files (x86)\PopApp\msvidctlmcx2filterMonitor.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe;c:\program files\Western Digital\WD SmartWare\WDFME.exe [x]
S2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-26 13:28 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-31 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-13 12:24]
.
2015-10-31 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-13 12:24]
.
2015-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-13 15:17]
.
2015-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-13 15:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 4244888]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:12498
uInternet Settings,ProxyOverride = *origin.com;*ea.com;*akamaihd.net;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,26,d3,c7,67,5c,e6,4c,90,b0,2d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,26,d3,c7,67,5c,e6,4c,90,b0,2d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
.
**************************************************************************
.
Completion time: 2015-10-31 11:31:48 - machine was rebooted
ComboFix-quarantined-files.txt 2015-10-31 03:31
.
Pre-Run: 48,233,635,840 bytes free
Post-Run: 47,740,268,544 bytes free
.
- - End Of File - - 37DEDF50EAD925EDF3DB30AB06C14DDB

 

[Broni]

You're running two AV programs, Avira and Kaspersky.
You must uninstall one of them.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[KentLim]

Attempted to uninstall the avira, but the following message pops out:
"Avira's CCPLG.XML file is missing. Please wait for the automatic Avira update."

 

[KentLim]

After some effort, finally managed to uninstall the Avira manually.

 

[KentLim]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-10-2015
Ran by Kent (administrator) on X42J (31-10-2015 13:02:50)
Running from C:\Users\Kent\Desktop\New folder
Loaded Profiles: Kent (Available Profiles: Kent)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Google Inc.) C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
() C:\Program Files (x86)\PopApp\msvidctlmcx2filterMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe [4244888 2011-12-15] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-05] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-06] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-12] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2687488 2015-09-09] (Sony Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-10-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-10-14]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3789560024-2566756074-542660013-1000] => http=127.0.0.1:12498
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9A38F67C-A624-41B2-A91E-B8B4309ABA0E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B64A4D99-6E2C-42DF-9096-CA8B0E25C7BE}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = hxxp://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=base&u=e2e5403e218949ba6fc9ff27b3b301537c145f85&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=14015055_adr&ch=33
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-10-22] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-22] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll => No File
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
Handler-x32: asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: ezstor - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Windows\SysWow64\WowCtl2.dll [2006-10-13] (EzTools Software)
Handler-x32: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)

FireFox:
========
FF ProfilePath: C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kent\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)
FF Extension: Avira Browser Safety - C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default\Extensions\abs@avira.com [2015-10-31] [not signed]
FF Extension: Video AdBlock for Firefox - C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2015-10-11] [not signed]
FF Extension: rootwdmaudBckp - C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default\Extensions\rootwdmaudBckp.xpi [2015-04-08] [not signed]
FF Extension: Pirrit Suggestor - C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\scdrvwr1.default\Extensions\suggestor@pirrit.com.xpi [2013-10-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2015-02-18] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.eseeky.com/ws/?source=728386ab&tbp=homepage&toolbarid=base&u=e2e5403e218949ba6fc9ff27b3b301537c145f85
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://mystart.com/default-search/rsc001__moss__org103__103_55f1ea83a6fde195087b23c7__2_4_5__moc__nt__yr/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Users\Kent\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll => No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Users\Kent\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll => No File
CHR Plugin: (Google Update) - C:\Users\Kent\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Kent\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Profile: C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-10-11]
CHR Extension: (Video AdBlock for Chrome) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2015-10-11]
CHR Extension: (YouTube) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-04-02]
CHR Extension: (Safe Money) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-04-02]
CHR Extension: (Content Blocker) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-04-02]
CHR Extension: (Virtual Keyboard) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Anti-Banner) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-04-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [iphahelpmejkbidhiecfeicblienleon] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2013-01-14]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2013-01-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-12] (Kaspersky Lab ZAO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-13] (Dropbox, Inc.)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2011-04-24] (Macrovision Europe Ltd.) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-03-31] () [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 pappService; C:\Program Files (x86)\PopApp\msvidctlmcx2filterMonitor.exe [187904 2015-09-21] () [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [496128 2015-09-09] (Sony Corporation)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [319384 2011-12-15] (WDC)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)
R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1977224 2011-12-15] (Western Digital )
R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338264 2011-12-15] (Western Digital )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 1838e5927a77d55.exe; C:\Users\Kent\AppData\Local\17ec750aaca5d6421b8bef3070b772f0\1838e5927a77d55.exe [X]
S2 ad10292fd537312.exe; C:\Users\Kent\AppData\Local\f1c240225864e161d177c8a7efd7ff64\ad10292fd537312.exe [X]
S2 biosmemdiagx86.exe; C:\Users\Kent\AppData\Local\biosmemdiagx86\biosmemdiagx86.exe [X]
S2 CGIEncondingSymbolic.exe; C:\Users\Kent\AppData\Local\79c7378346a814de522f519cb93cc990\CGIEncondingSymbolic.exe [X]
S2 DatabaseMemoryPython.exe; C:\Users\Kent\AppData\Local\DatabaseMemoryPython\DatabaseMemoryPython.exe [X]
S2 KernelNativeRuntime.exe; C:\Users\Kent\AppData\Local\KernelNativeRuntime\KernelNativeRuntime.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [117760 2009-10-15] (ELAN Microelectronic Corp.) [File not signed]
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO) [File not signed]
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-12] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-21] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2011-04-08] (Realtek Semiconductor Corporation )
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-07] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 JME; system32\DRIVERS\JME.sys [X]
S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [X]
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 11:45 - 2015-10-31 13:00 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-31 11:13 - 2015-10-31 11:31 - 00000000 ____D C:\Qoobox
2015-10-31 11:13 - 2015-10-31 11:30 - 00000000 ____D C:\Windows\erdnt
2015-10-31 11:13 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-31 11:13 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-31 11:13 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-31 11:13 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-31 11:13 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-31 11:13 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-31 11:13 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-31 11:13 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-31 11:11 - 2015-10-31 11:11 - 05637361 ____R (Swearware) C:\Users\Kent\Desktop\ComboFix.exe
2015-10-31 06:30 - 2015-10-31 07:34 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-31 01:43 - 2015-10-31 06:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-31 01:43 - 2015-10-31 01:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-31 01:42 - 2015-10-31 01:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-31 01:42 - 2015-10-31 01:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-31 01:42 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-31 01:42 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-31 01:42 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-31 00:55 - 2015-10-31 07:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-10-31 00:55 - 2015-10-31 00:55 - 00000000 ____D C:\Program Files\RogueKiller
2015-10-29 22:41 - 2015-10-31 13:03 - 00000000 ____D C:\FRST
2015-10-28 21:24 - 2015-10-28 22:11 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-26 23:35 - 2015-10-26 23:35 - 00114688 _____ C:\Users\Kent\Downloads\iSolutions_Lifecycle_Cost_Tool.xls
2015-10-26 21:35 - 2015-10-27 00:13 - 00943108 _____ C:\Users\Kent\Downloads\Comparison study between VRF & central water plant using chiller system_Rev01#.xlsx
2015-10-26 21:35 - 2015-10-26 21:35 - 00105781 _____ C:\Users\Kent\Downloads\VRV Vs Central Chiller Plant_rev 3_traiff_solar.xlsx
2015-10-26 21:35 - 2015-10-26 21:35 - 00013838 _____ C:\Users\Kent\Downloads\VRV vs CHP_r2 (Revised 24 Oct)_tariff_solar.xlsx
2015-10-24 11:38 - 2015-10-25 17:32 - 01064168 _____ C:\Users\Kent\Downloads\Comparison study between VRF & central water plant using chiller system_Rev01.xlsx
2015-10-24 11:38 - 2015-10-24 11:38 - 00472513 _____ C:\Users\Kent\Downloads\Comparison study between VRF & central water plant using chiller system_Rev00.xlsx
2015-10-24 11:38 - 2015-10-24 11:38 - 00242826 _____ C:\Users\Kent\Downloads\ER481 Conceptual ECS markup.xlsx
2015-10-24 11:38 - 2015-10-24 11:38 - 00033792 _____ C:\Users\Kent\Downloads\Cooling Tower Make-up Water Tank Calculation (typical).xls
2015-10-24 11:36 - 2015-10-24 11:37 - 00000000 ____D C:\Users\Kent\Downloads\New folder
2015-10-15 22:13 - 2015-10-15 22:13 - 00000000 ____D C:\Users\Kent\AppData\Roaming\MPC-HC
2015-10-13 20:33 - 2015-10-31 13:02 - 00000000 ____D C:\Users\Kent\Desktop\New folder
2015-10-13 20:28 - 2015-10-13 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-13 20:25 - 2015-10-31 12:56 - 00000548 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-13 20:25 - 2015-10-31 11:30 - 00000552 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-13 20:25 - 2015-10-13 20:28 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-13 20:25 - 2015-10-13 20:25 - 00003548 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-10-13 20:25 - 2015-10-13 20:25 - 00003296 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-10-11 18:38 - 2015-10-11 18:38 - 00000000 ____D C:\_OTL
2015-10-11 09:47 - 2015-10-11 09:47 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-11 08:29 - 2015-10-11 08:29 - 00001307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-10-11 08:29 - 2015-10-11 08:29 - 00000000 ____D C:\Windows\en
2015-10-11 08:28 - 2015-10-11 08:28 - 00001376 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-10-11 08:27 - 2015-10-11 08:27 - 00002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-10-11 08:19 - 2015-10-20 19:16 - 00003782 _____ C:\Windows\System32\Tasks\klcp_update
2015-10-11 08:16 - 2015-10-20 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-10-11 08:16 - 2015-10-17 02:00 - 00126976 _____ C:\Windows\system32\ff_vfw.dll
2015-10-11 08:15 - 2015-10-17 02:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2015-10-11 08:15 - 2015-06-22 21:25 - 00254976 _____ C:\Windows\system32\xvidvfw.dll
2015-10-11 08:15 - 2015-06-22 21:25 - 00240128 _____ C:\Windows\SysWOW64\xvidvfw.dll
2015-10-11 08:15 - 2015-06-22 21:24 - 00729088 _____ C:\Windows\system32\xvidcore.dll
2015-10-11 08:15 - 2015-06-22 21:24 - 00655872 _____ C:\Windows\SysWOW64\xvidcore.dll
2015-10-11 08:15 - 2015-02-28 23:22 - 03571200 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2015-10-11 08:15 - 2015-02-28 23:21 - 03591680 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2015-10-11 08:15 - 2012-07-21 18:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2015-10-11 08:15 - 2012-07-21 18:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2015-10-11 08:15 - 2011-12-08 01:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2015-10-11 08:15 - 2011-12-08 01:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2015-10-11 08:11 - 2015-10-22 19:29 - 00000000 ____D C:\Users\Kent\.oracle_jre_usage
2015-10-11 08:11 - 2015-10-11 08:11 - 00000000 ____D C:\Users\Kent\AppData\Roaming\Sun
2015-10-11 08:09 - 2015-10-22 19:27 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-11 08:08 - 2015-10-22 20:01 - 00000000 ____D C:\Program Files\Java
2015-10-11 08:07 - 2015-10-11 08:07 - 00000000 ____D C:\Users\Kent\AppData\LocalLow\Oracle
2015-10-11 07:51 - 2015-10-11 07:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-11 07:49 - 2015-10-14 20:23 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-11 07:46 - 2015-10-31 00:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-11 07:46 - 2015-10-11 07:46 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-11 07:28 - 2015-10-31 01:33 - 00000000 ____D C:\AdwCleaner
2015-10-11 07:25 - 2015-10-11 07:25 - 00000000 ____D C:\Users\Kent\AppData\Local\Secunia PSI
2015-10-11 07:25 - 2015-10-11 07:25 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-10-11 07:17 - 2015-10-11 07:17 - 00002050 _____ C:\Users\Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2015-10-11 07:17 - 2015-10-11 07:17 - 00002020 _____ C:\Users\Kent\Desktop\FileHippo App Manager.lnk
2015-10-11 07:17 - 2015-10-11 07:17 - 00000000 ____D C:\Program Files (x86)\FileHippo.com

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 13:04 - 2010-10-14 04:41 - 01632110 _____ C:\Windows\WindowsUpdate.log
2015-10-31 13:04 - 2009-07-14 12:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-31 13:04 - 2009-07-14 12:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-31 13:00 - 2013-04-02 17:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-10-31 12:58 - 2011-08-22 23:26 - 00000000 ___RD C:\Users\Kent\Dropbox
2015-10-31 12:58 - 2011-08-22 23:23 - 00000000 ____D C:\Users\Kent\AppData\Roaming\Dropbox
2015-10-31 12:56 - 2010-10-14 05:20 - 00000000 ____D C:\Program Files\P4G
2015-10-31 12:56 - 2010-10-14 04:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-31 12:56 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-31 12:56 - 2009-07-14 12:51 - 00191448 _____ C:\Windows\setupact.log
2015-10-31 12:20 - 2010-10-14 05:04 - 00554072 _____ C:\Windows\PFRO.log
2015-10-31 11:31 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Default
2015-10-31 11:28 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini
2015-10-31 11:04 - 2011-02-26 16:55 - 00000000 ____D C:\Users\Kent\Tracing
2015-10-31 07:25 - 2010-10-14 04:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-31 06:18 - 2010-10-14 05:22 - 00002469 _____ C:\Windows\system32\ServiceFilter.ini
2015-10-28 21:03 - 2011-02-26 15:54 - 00000000 ____D C:\Users\Kent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-28 21:03 - 2011-02-26 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-28 21:03 - 2011-02-26 15:53 - 00000000 ____D C:\Program Files\WinRAR
2015-10-28 20:46 - 2009-07-14 13:13 - 00788704 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-26 21:31 - 2014-11-16 14:54 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-22 20:01 - 2013-12-24 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-20 19:15 - 2011-02-26 19:47 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-10-13 20:29 - 2015-06-18 07:11 - 00000000 ____D C:\Users\Kent\AppData\Local\Dropbox
2015-10-11 08:23 - 2011-02-26 15:26 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-10-11 08:20 - 2011-08-09 11:20 - 00000000 ____D C:\Users\Kent\AppData\Roaming\Mozilla
2015-10-11 08:20 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-11 08:14 - 2011-04-09 09:11 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-11 08:13 - 2011-02-26 15:28 - 00088526 _____ C:\Windows\DirectX.log
2015-10-11 08:11 - 2011-02-26 15:25 - 00000000 ____D C:\Users\Kent
2015-10-11 08:08 - 2013-12-24 22:48 - 00000000 ____D C:\ProgramData\Oracle
2015-10-11 07:51 - 2011-08-09 11:18 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-11 07:51 - 2011-08-09 11:18 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-11 07:50 - 2011-08-09 11:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-11 07:49 - 2011-02-27 12:18 - 00000000 ____D C:\Users\Kent\AppData\Local\Adobe
2015-10-11 07:46 - 2010-10-14 04:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-11 07:38 - 2010-10-14 05:22 - 00002216 _____ C:\Windows\system32\AutoRunFilter.ini
2015-10-11 07:37 - 2015-09-22 13:07 - 00000000 ____D C:\Users\Kent\AppData\Local\minimalwinsockDrv
2015-10-11 03:31 - 2014-11-18 22:16 - 00000000 ____D C:\Users\Kent\AppData\Local\CommandDirect3dKeyboard
2015-10-11 03:31 - 2013-10-31 00:43 - 00000000 ____D C:\Program Files (x86)\Rapider
2015-10-10 23:32 - 2012-08-25 13:45 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-10-10 23:20 - 2010-10-14 04:57 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-10-10 23:19 - 2010-10-14 05:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-10-10 23:14 - 2010-10-14 04:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-10 23:14 - 2010-10-14 04:53 - 00000000 ____D C:\ProgramData\CyberLink
2015-10-10 23:14 - 2010-10-14 04:53 - 00000000 ____D C:\Program Files (x86)\CyberLink

==================== Files in the root of some directories =======

2013-12-19 03:50 - 2015-03-24 00:05 - 0000127 _____ () C:\Users\Kent\AppData\Roaming\WB.CFG
2013-10-31 00:53 - 2013-10-31 00:53 - 0000218 _____ () C:\Users\Kent\AppData\Local\recently-used.xbel
2010-10-14 04:58 - 2010-07-07 07:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2010-10-14 04:54 - 2010-10-14 04:54 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-14 04:53 - 2010-10-14 04:54 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Kent\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgflpdu.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-07 22:05

==================== End of FRST.txt ============================

 

[KentLim]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-10-2015
Ran by Kent (2015-10-31 13:05:59)
Running from C:\Users\Kent\Desktop\New folder
Windows 7 Home Premium Service Pack 1 (X64) (2011-02-26 07:24:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3789560024-2566756074-542660013-500 - Administrator - Disabled)
Guest (S-1-5-21-3789560024-2566756074-542660013-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3789560024-2566756074-542660013-1002 - Limited - Enabled)
Kent (S-1-5-21-3789560024-2566756074-542660013-1000 - Administrator - Enabled) => C:\Users\Kent

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.38 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATI AVIVO64 Codecs (Version: 10.12.0.00122 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D0528577-31BF-2ABC-D7FC-E443EBF8B40A}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS)
Canon iP1800 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series) (Version: - )
ccc-core-static (x32 Version: 2010.0122.858.16002 - ATI) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
ffdshow [rev 3154] [2009-12-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation)
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version: - )
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
K-Lite Mega Codec Pack 11.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.5.5 - )
MagicCute Data Recovery 2011.1 (HKLM-x32\...\{961FBA1C-C20F-463F-B9B1-30A2D96CC5E3}_is1) (Version: - MagicCute)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PC Connectivity Solution (HKLM-x32\...\{089DD780-DB3F-4CDB-A0C2-111360247298}) (Version: 10.24.0.0 - Nokia)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.0.01.09090 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.0.01 - Sony Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.5900 - SRS Labs, Inc.)
STREET FIGHTER IV (HKLM-x32\...\{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}) (Version: 1.00.3013 - CAPCOM U.S.A., INC.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
WD Drive Utilities (HKLM-x32\...\{3E9C9EE1-1964-4519-BF80-652E7F415ECF}) (Version: 1.0.0 - Western Digital)
WD Security (HKLM-x32\...\{3F24FF1D-A137-4812-8989-D8D5EA480CFD}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{EC39CC32-E144-42E4-9A59-53C20B408BDE}) (Version: 1.5.4 - Western Digital)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
WinRAR 5.30 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.6 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.10 - ASUS)
谷歌拼音输入法 2.6 (HKLM\...\GooglePinyin2) (Version: - Google Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Restore Points =========================

22-10-2015 21:08:26 JRT Pre-Junkware Removal
25-10-2015 15:16:32 JRT Pre-Junkware Removal
25-10-2015 17:33:38 JRT Pre-Junkware Removal
25-10-2015 21:06:00 Windows Backup
31-10-2015 06:32:08 JRT Pre-Junkware Removal
31-10-2015 12:01:21 Removed ASUS MultiFrame

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2015-10-31 11:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03AFE859-EE64-4B49-A6A2-D8F72FDDD085} - System32\Tasks\{3A7C8322-DF2D-40A9-9BC2-F106078362FE} => pcalua.exe -a E:\windows版BT3破解系统\Setup.exe -d E:\windows版BT3破解系统
Task: {132EAAC6-12EC-4BC4-8D89-87359443BDA8} - System32\Tasks\{B3B45932-42EA-4F7C-9138-15103F1001DE} => pcalua.exe -a c:\PROGRA~2\baidu\{81B66~1\ASBarBroker.exe -c -runasAdmin -SVCUninstall -addressbar.dll
Task: {306DB828-C7ED-40C1-B0F2-10216F1B6D44} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-12-01] ()
Task: {4C4D5D27-648D-4420-8587-F56556E41B0A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-13] (Dropbox, Inc.)
Task: {577386FD-99FF-4656-BC18-C196F9DF8913} - System32\Tasks\Google Pinyin Daemon => C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2012-02-22] (Google Inc.)
Task: {5AB20226-D7B8-4CD3-A397-B95523793C1E} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-07-06] (ASUS)
Task: {66B51799-8CDD-472B-A131-09D976D5AFBB} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-07-25] ()
Task: {8B38C61E-BEBD-488B-88DE-38EA691170FD} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-10-17] ()
Task: {A9088DAE-5451-484F-8D36-38875CAE2FE1} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-08-01] (ASUS)
Task: {B00A4908-6D15-484D-9303-523DD86A0C03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {BC67CA69-4CAD-4053-854A-29EDA358108C} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-25] ()
Task: {CDABBECD-EA87-45A4-AF76-9514528EB433} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-24] (ATK)
Task: {E1D91AD7-FB14-4982-89BF-2808136B104F} - System32\Tasks\{1786582C-E4EC-4562-A213-ECD7B763A766} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {E47EC6A1-77E4-445A-89EC-C0D136F362E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {E81E025D-55D8-4FF7-92C3-3321F8D8598C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F70A062B-65C5-427C-A261-093F17F117D8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-13] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-03-16 09:48 - 2010-03-16 09:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-10-14 04:57 - 2010-10-14 04:57 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-10-14 04:57 - 2010-10-14 04:57 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2009-07-02 09:54 - 2009-07-02 09:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-10-14 05:22 - 2007-12-01 02:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-07-25 01:32 - 2009-07-25 01:32 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-01-12 01:27 - 2010-01-12 01:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-11-25 04:45 - 2009-11-25 04:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2008-10-01 14:02 - 2008-10-01 14:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-02-22 21:38 - 2012-02-22 21:38 - 01318456 _____ () C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
2015-09-22 13:07 - 2015-09-21 11:23 - 00187904 _____ () C:\Program Files (x86)\PopApp\msvidctlmcx2filterMonitor.exe
2010-11-02 07:33 - 2010-11-02 07:33 - 01083392 ____R () C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll
2010-03-16 09:48 - 2010-03-16 09:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2015-09-02 19:00 - 2015-09-02 19:00 - 10566352 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
2013-01-14 14:41 - 2013-01-14 14:41 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2015-10-31 12:57 - 2015-10-31 12:57 - 00071168 _____ () c:\users\kent\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgflpdu.dll
2015-10-13 20:28 - 2015-09-24 07:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-10-13 20:28 - 2015-09-24 07:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-10-13 20:28 - 2015-09-24 07:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-10-13 20:28 - 2015-09-24 07:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kent\Desktop\2016 CNY flight.pdf:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3789560024-2566756074-542660013-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kent\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AF4F58B6-C469-473E-A731-40D6126F62CB}] => (Allow) LPort=5353
FirewallRules: [{54C05B76-818D-4523-92AF-C9E93CCEFC87}] => (Allow) LPort=8182
FirewallRules: [{168EF728-C556-4067-9442-33FB5AA87234}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{BA563F92-91EF-4713-BB58-E04E17495B89}C:\program files (x86)\bitcomet\bitcomet.exe] => (Allow) C:\program files (x86)\bitcomet\bitcomet.exe
FirewallRules: [UDP Query User{08DB9C12-FD16-4213-8C6C-29A83D4C983A}C:\program files (x86)\bitcomet\bitcomet.exe] => (Allow) C:\program files (x86)\bitcomet\bitcomet.exe
FirewallRules: [{11143E97-9E5C-4CC2-B4D8-DD0BD02E72F3}] => (Allow) C:\Program Files (x86)\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe
FirewallRules: [{6ED67E48-BA22-444E-9418-8BFD7E8F2009}] => (Allow) C:\Program Files (x86)\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe
FirewallRules: [TCP Query User{C4A33F71-7DDA-4931-AB33-0C73010CF484}C:\users\kent\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kent\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{796AFE7A-7BBE-4FE9-8B7F-583B2764B1AC}C:\users\kent\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kent\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{6AFF8C7D-C2B2-4948-A94D-5985ECE525AA}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{59F1E676-0EC9-4E2B-A21A-1D490B0A657E}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{29725256-9A05-4C05-8133-D711E9238289}C:\program files (x86)\dead space 2\deadspace2.exe] => (Block) C:\program files (x86)\dead space 2\deadspace2.exe
FirewallRules: [UDP Query User{C92CC61D-F986-4477-BE1D-9A30DD0A3812}C:\program files (x86)\dead space 2\deadspace2.exe] => (Block) C:\program files (x86)\dead space 2\deadspace2.exe
FirewallRules: [{27307E93-FC85-4550-A3DB-AE95C8D62B77}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{07DCCEE7-F21C-4B1B-B0C8-9DC47CC23F78}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{9F6FBE63-858D-46B9-8B90-80B911668369}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C2C7CA2F-347C-4FFD-A8EE-2D9440273C66}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{84C924BD-C275-4E8C-B51E-672E1ED1C3B1}] => (Allow) C:\Program Files (x86)\mystarttb\dtuser.exe
FirewallRules: [{AC50DF9F-F8BC-4F1B-8448-97B7A1AE1FA1}] => (Allow) C:\Program Files (x86)\mystarttb\dtuser.exe
FirewallRules: [{64220AD3-B801-4BAC-B478-D57484EB45C9}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{E5FD661C-CA29-416E-A0E5-D450C1CED081}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{4FABF347-B795-45E5-885F-0F7C9A119771}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{4A70F0D0-9F00-4502-915B-4B79F21D26B1}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{864ECCDB-B784-4E6F-A35C-8716574678EF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F5ED28D8-A9BC-4306-9D9E-D8AA11936A41}] => (Allow) LPort=2869
FirewallRules: [{143167C9-3D53-4552-A0E0-8386DCCEBDF5}] => (Allow) LPort=1900
FirewallRules: [{CC3144B7-E970-49F0-8BC9-5D7659DE250E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{BE59B8A7-F494-4C26-94CB-54831C00BFB9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{517DD79F-03A2-465C-963B-46A607577CD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: BT-270
Description: BT-270
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2015 12:58:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/31/2015 12:26:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (10/31/2015 11:47:22 AM) (Source: MsiInstaller) (EventID: 11721) (User: NT AUTHORITY)
Description: Product: Avira Browser Safety -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: TrackMSIFailed, location: C:\Windows\Installer\MSI174.tmp, command: "MSI Failed"

Error: (10/31/2015 11:47:21 AM) (Source: MsiInstaller) (EventID: 11721) (User: NT AUTHORITY)
Description: Product: Avira Browser Safety -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: TrackMSILaunchForFirstTime, location: C:\Windows\Installer\MSID7.tmp, command: "MSI Launched" "type:install"

Error: (10/31/2015 07:28:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program winlogon.exe.exe version 10.11.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2ba4

Start Time: 01d113641f1848a5

Termination Time: 0

Application Path: C:\Users\Kent\Desktop\New folder\winlogon.exe.exe

Report Id: df7ecba6-7f5d-11e5-87a7-a921601d4ace

Error: (10/31/2015 01:29:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller.exe version 10.11.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16d8

Start Time: 01d11333ccef82d4

Termination Time: 2

Application Path: C:\Program Files\RogueKiller\RogueKiller.exe

Report Id: c4b70885-7f2b-11e5-942f-9513da33adb9

Error: (10/31/2015 12:51:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller.exe version 10.11.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 784

Start Time: 01d113325c34e240

Termination Time: 2

Application Path: C:\Users\Kent\Desktop\New folder\RogueKiller.exe

Report Id: 5ab056cd-7f26-11e5-942f-9513da33adb9

Error: (10/31/2015 12:45:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller.exe version 10.11.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1170

Start Time: 01d1132bf0a752ce

Termination Time: 15

Application Path: C:\Users\Kent\Desktop\New folder\RogueKiller.exe

Report Id: 7a2c3974-7f25-11e5-942f-9513da33adb9

Error: (10/31/2015 12:44:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (10/31/2015 12:20:15 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 2761.Cannot begin transaction. Global mutex not properly initialized.


System errors:
=============
Error: (10/31/2015 12:56:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The KernelNativeRuntime.exe service failed to start due to the following error:
%%2

Error: (10/31/2015 12:56:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DatabaseMemoryPython.exe service failed to start due to the following error:
%%2

Error: (10/31/2015 12:56:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CGIEncondingSymbolic.exe service failed to start due to the following error:
%%2

Error: (10/31/2015 12:56:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The biosmemdiagx86.exe service failed to start due to the following error:
%%2

Error: (10/31/2015 12:56:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ad10292fd537312.exe service failed to start due to the following error:
%%2

Error: (10/31/2015 12:56:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 1838e5927a77d55.exe service failed to start due to the following error:
%%2

Error: (10/31/2015 12:52:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/31/2015 12:52:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/31/2015 12:52:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/31/2015 12:52:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
Date: 2015-10-31 11:22:06.422
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-31 11:22:06.301
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-14 10:24:45.555
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-14 10:24:45.505
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-14 10:24:45.479
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-14 10:24:45.441
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-14 10:22:05.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-09-14 10:22:05.865
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-21 00:09:15.407
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-21 00:09:15.407
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 83%
Total physical RAM: 4021.53 MB
Available physical RAM: 661.01 MB
Total Virtual: 8041.25 MB
Available Virtual: 4924.66 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:45.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:21.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 

[KentLim]

Just a quick update, the advertisement sounds still pops out and the process of shutting down the laptop is taking longer time than usual.

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[KentLim]

Fix result of Farbar Recovery Scan Tool (x64) Version:30-10-2015
Ran by Kent (2015-11-01 10:38:33) Run:1
Running from C:\Users\Kent\Desktop
Loaded Profiles: Kent (Available Profiles: Kent)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3789560024-2566756074-542660013-1000] => http=127.0.0.1:12498
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = hxxp://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=base&u=e2e5403e218949ba6fc9ff27b3b301537c145f85&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3789560024-2566756074-542660013-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=14015055_adr&ch=33
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll => No File
CHR HomePage: Default -> hxxp://www.eseeky.com/ws/?source=728386ab&tbp=homepage&toolbarid=base&u=e2e5403e218949ba6fc9ff27b3b301537c145f85
CHR DefaultSearchURL: Default -> hxxps://mystart.com/default-search/rsc001__moss__org103__103_55f1ea83a6fde195087b23c7__2_4_5__moc__nt__yr/?q={searchTerms}
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Users\Kent\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll => No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Users\Kent\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll => No File
CHR Plugin: (Google Update) - C:\Users\Kent\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Kent\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
S2 1838e5927a77d55.exe; C:\Users\Kent\AppData\Local\17ec750aaca5d6421b8bef3070b772f0\1838e5927a77d55.exe [X]
S2 ad10292fd537312.exe; C:\Users\Kent\AppData\Local\f1c240225864e161d177c8a7efd7ff64\ad10292fd537312.exe [X]
S2 biosmemdiagx86.exe; C:\Users\Kent\AppData\Local\biosmemdiagx86\biosmemdiagx86.exe [X]
S2 CGIEncondingSymbolic.exe; C:\Users\Kent\AppData\Local\79c7378346a814de522f519cb93cc990\CGIEncondingSymbolic.exe [X]
S2 DatabaseMemoryPython.exe; C:\Users\Kent\AppData\Local\DatabaseMemoryPython\DatabaseMemoryPython.exe [X]
S2 KernelNativeRuntime.exe; C:\Users\Kent\AppData\Local\KernelNativeRuntime\KernelNativeRuntime.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 JME; system32\DRIVERS\JME.sys [X]
S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [X]
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath
2013-12-19 03:50 - 2015-03-24 00:05 - 0000127 _____ () C:\Users\Kent\AppData\Roaming\WB.CFG
2013-10-31 00:53 - 2013-10-31 00:53 - 0000218 _____ () C:\Users\Kent\AppData\Local\recently-used.xbel
2010-10-14 04:58 - 2010-07-07 07:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2010-10-14 04:54 - 2010-10-14 04:54 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-14 04:53 - 2010-10-14 04:54 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\Users\Kent\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgflpdu.dll
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kent\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File


*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8105727-97B2-4B68-8BA5-57150A17B1B3}" => key removed successfully
HKCR\CLSID\{A8105727-97B2-4B68-8BA5-57150A17B1B3} => key not found.
"HKU\S-1-5-21-3789560024-2566756074-542660013-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}" => key removed successfully
HKCR\CLSID\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}" => key removed successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll => not found.
C:\Users\Kent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => not found.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => not found.
C:\Users\Kent\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll => not found.
C:\Users\Kent\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll => not found.
C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll => not found.
C:\Users\Kent\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
C:\Users\Kent\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => not found.
1838e5927a77d55.exe => service removed successfully
ad10292fd537312.exe => service removed successfully
biosmemdiagx86.exe => service removed successfully
CGIEncondingSymbolic.exe => service removed successfully
DatabaseMemoryPython.exe => service removed successfully
KernelNativeRuntime.exe => service removed successfully
catchme => service removed successfully
JME => service removed successfully
SNP2UVC => service removed successfully
tmlwf => service removed successfully
tmwfp => service removed successfully
C:\Users\Kent\AppData\Roaming\WB.CFG => moved successfully
C:\Users\Kent\AppData\Local\recently-used.xbel => moved successfully
C:\ProgramData\FullRemove.exe => moved successfully
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
"C:\Users\Kent\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgflpdu.dll" => not found.
"HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}" => key removed successfully
"HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}" => key removed successfully
"HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}" => key removed successfully
"HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => key removed successfully
"HKU\S-1-5-21-3789560024-2566756074-542660013-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully

==== End of Fixlog 10:38:35 ====

 

[Broni]

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[KentLim]

Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Mozilla Firefox (42.0)
Google Chrome (46.0.2490.71)
Google Chrome (46.0.2490.80)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

 

[KentLim]

Farbar Service Scanner Version: 26-07-2015
Ran by Kent (administrator) on 01-11-2015 at 11:52:41
Running from "C:\Users\Kent\Desktop\New folder"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****